This is a structural draft. The legally binding wording must be reviewed by Indian counsel before going live to production traffic.
1. Data Fiduciary
Nest Academy of Sports Management, Mumbai. Contact: grievance.officer@nasm.in.
2. Data we collect
Name, contact, DOB, academic record, payment, device/IP, photo/video.
3. Purposes
Admissions enquiry, application processing, scholarship assessment, marketing — separated by purpose with granular consent.
4. Lawful basis
Consent + Section 7 legitimate uses + Rule 12 / Fourth Schedule Part A for enrolled students.
5. Third-party processors
HubSpot (AU/US), Calendly (US), Google Workspace (US), Meta (US), Razorpay (India), hosting provider, SMS provider, WhatsApp BSP.
6. Retention
Leads 24 months · Students duration of programme + 8 years · Payments 8 years · Logs 1 year minimum · POSH/anti-ragging 3 years post-resolution.
7. Your rights
Access, correction, erasure, withdraw consent (parity), 90-day grievance, nominate, complain to the Data Protection Board.
8. Children's data
No tracking, behavioural targeting or marketing pixels under 18. Verifiable parental consent required.
9. Security
TLS 1.3, AES-256 at rest, VAPT, role-based access controls.
10. Breach notification
72 hours to the Data Protection Board, without undue delay to affected principals.
11. Photo / video release
Separate form, not bundled with admissions consent.
12. Grievance Officer
grievance.officer@nasm.in — 90-day SLA.
13. Updates
Material changes notified by email and on this page.